Leon Cullens' Blog - Windows 8Software engineering, entrepreneurship, marketing, and everything in between.http://leoncullens.nl/
http://www.rssboard.org/rss-specificationBlogEngine.NET 2.5.0.6en-UShttp://leoncullens.nl/opml.axdhttp://www.dotnetblogengine.net/syndication.axdLeonLeon Cullens' Blog0.0000000.000000How to capture Windows 8 app traffic with Fiddler<p>One of my favorite development tools is <a href="http://fiddler2.com/" target="_blank">Fiddler</a>. It's a really useful tool that allows you to see what requests your app is performing, and you can create new requests that can interact with your app/API. Here's how you can get it working with Windows 8 apps, and why it's useful.</p>
<script type="text/javascript">// <![CDATA[
google_ad_client = "ca-pub-8014229733111715";
/* main_leaderbord */
google_ad_slot = "9742371131";
google_ad_width = 728;
google_ad_height = 90;
// ]]></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">// <![CDATA[
// ]]></script>
<h2>Why is it useful?</h2>
<p>Currently I am working on a&nbsp;<a href="https://www.facebook.com/Googalytics" target="_blank">Google Analytics app for Windows 8</a>. That involves performing a lot of HTTP requests to the Google API. Because you'd want to write your app as efficient as possible, and because you don't want to waste your API quota, it's important to monitor what requests your app is performing so you can optimize them by caching data, by bundling requests or by lazy loading data when it's needed. With Fiddler you can capture these requests, and more important: you can exactly see what data they are returning, so you won't have to go through your debugger to inspect the returned data. Another benefit is that you can create custom requests to test out any requests before you implement them in your app.</p>
<p>&nbsp;<img src="http://leoncullens.nl/image.axd?picture=2013%2f9%2ffiddler.png" alt="" width="500" height="300" /></p>
<h2>The problem</h2>
<p>By default you can't monitor requests made by Windows 8 apps (at least not in Windows 8.1, not sure about 8.0), especially not HTTPS traffic. For security reasons, Windows 8 blocks apps from sending network traffic to the local computer, meaning that the traffic won't run through your Fiddler proxy and thus cannot be captured. Luckily, there's an easy fix though.</p>
<h2>The solution</h2>
<p>In order to monitor traffic by Windows 8 apps, you need to start Fiddler and click on Win8 Config:</p>
<p><img src="http://leoncullens.nl/image.axd?picture=2013%2f9%2fwin8config.PNG" alt="" /></p>
<p>This will open a new window where you can exempt apps from this restriction. To do this, select your app (or all apps) and press Save Changes:</p>
<p><img src="http://leoncullens.nl/image.axd?picture=2013%2f9%2fexempt.png" alt="" /></p>
<p>After you've done that, you're good to go.</p>
<h2>Monitor HTTPS traffic</h2>
<p>If your requests are performed using HTTPS, there's a little bit more to do, you need to enable HTTPS decryption so that fiddler can decrypt your requests. I needed this for my Google Analytics app because all requests to Google Analytics are performed using HTTPS. To enable HTTPS decryption, go to Tools -&gt; Fiddler Options -&gt; HTTPS. You'll see this:</p>
<p><img src="http://leoncullens.nl/image.axd?picture=2013%2f9%2fdecrypt.PNG" alt="" /></p>
<p>Make sure that you check the Decrypt HTTPS traffic checkbox. Press OK, and accept any certificates. After that, you'll be able to monitor everything there's to monitor in your Windows 8 apps!</p>
<script type="text/javascript">// <![CDATA[
google_ad_client = "ca-pub-8014229733111715";
/* main_leaderbord */
google_ad_slot = "9742371131";
google_ad_width = 728;
google_ad_height = 90;
// ]]></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">// <![CDATA[
// ]]></script>http://leoncullens.nl/post/2013/09/13/How-to-capture-Windows-8-app-traffic-with-Fiddler.aspx
admin@leoncullens.nlhttp://leoncullens.nl/post/2013/09/13/How-to-capture-Windows-8-app-traffic-with-Fiddler.aspx#commenthttp://leoncullens.nl/post.aspx?id=69d64f52-0a25-493a-972f-35ab125949bfFri, 13 Sep 2013 21:10:00 +0100Windows 8Leon Cullenshttp://leoncullens.nl/pingback.axdhttp://leoncullens.nl/post.aspx?id=69d64f52-0a25-493a-972f-35ab125949bf1http://leoncullens.nl/trackback.axd?id=69d64f52-0a25-493a-972f-35ab125949bfhttp://leoncullens.nl/post/2013/09/13/How-to-capture-Windows-8-app-traffic-with-Fiddler.aspx#commenthttp://leoncullens.nl/syndication.axd?post=69d64f52-0a25-493a-972f-35ab125949bfUsing OAuth 2 in WinRT using C#: it has never been easier before<p>WinRT has a built-in authentication client that can be used to authenticate users through Facebook, Twitter, Flickr, Google, etc. This post covers the process of authenticating users with Google. </p>
<script type="text/javascript">// <![CDATA[
google_ad_client = "ca-pub-8014229733111715";
/* main_leaderbord */
google_ad_slot = "9742371131";
google_ad_width = 728;
google_ad_height = 90;
// ]]></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">// <![CDATA[
// ]]></script>
<h2>Architecture</h2>
<p>Before I start explaining how the OAuth process work, I'd like to talk about the architecture. While it's possible to write inline OAuth code in the code-behind of your View, I personally find it a nice and clean way to create an 'OAuth2Service' class for this. In this class we can place methods to request tokens, and that kind of stuff. We can then inject this 'service' into our View or ViewModel, or any other class. So for this example I'm going to an IOAuth2Service interface:</p>
<pre class="brush: c-sharp;">interface IOAuth2Service
{
void RequestToken();
}</pre>
<p class="brush: c-sharp;">After that we create an OAuth2Service class that implements IOAuth2Service:</p>
<pre class="brush: c-sharp;">class OAuth2Service : IOAuth2Service
{
public async void RequestToken()
{
}
}</pre>
<p class="brush: c-sharp;">Now that we have implemented the interface, we could also create another implementation of&nbsp;IOAuth2Service that can be used for testing purposes (i.e. unit testing).</p>
<h2 class="brush: c-sharp;">OAuth</h2>
<p>Now that we have the skeleton in place, we can implement the code needed to perform an actual request.</p>
<pre class="brush: c-sharp;">public async void RequestToken()
{
const string url = "https://accounts.google.com/o/oauth2/auth?" +
"client_id=" + "clientID here" +
"&amp;redirect_uri=" + "redirectURI here" +
"&amp;response_type=code" +
"&amp;scope=" + "scopes here";
Uri startUri = new Uri(url);
Uri endUri = new Uri("https://accounts.google.com/o/oauth2/approval?");
try
{
WebAuthenticationResult webAuthenticationResult =
await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.UseTitle, startUri, endUri);
if (webAuthenticationResult.ResponseStatus == WebAuthenticationStatus.Success)
{
string token = webAuthenticationResult.ResponseData;
// now you have the token
}
else if (webAuthenticationResult.ResponseStatus == WebAuthenticationStatus.ErrorHttp)
{
// do something when the request failed
}
else
{
// do something when an unknown error occurred
}
}
catch (Exception)
{
// do something when an exception occurred
}
}</pre>
<p class="brush: c-sharp;">That's it. That's everything you need to perform OAuth requests. What happens here: we enter the client ID that can be found in the Google API Console for the API you'd like to use (for instance: youtube), we enter the redirect URI which can be found in the Google API Console as well, and finally we add the scope (actually it can hold multiple scopes).&nbsp;We also specify an endUri that will be used as a callback. After that we pass all the arguments into&nbsp;WebAuthenticationBroker.AuthenticateAsync which executes the request and returns us a response.&nbsp;Note that the method is marked as 'async' because we're executing an async call to the Google API (that's why we use 'await' in front of&nbsp;WebAuthenticationBroker.AuthenticateAsync).</p>
<p class="brush: c-sharp;">Now you just have to instantiate an OAuth2Service object and call the RequestToken() method. This will launch a nice log on screen from Google:</p>
<p><img src="http://leoncullens.nl/image.axd?picture=2012%2f9%2foauthgooglesmall.png" alt="" /></p>
<p>The Google log on process also works when you're using 2-step verification; it will just take another extra step for the user.</p>
<script type="text/javascript">// <![CDATA[
google_ad_client = "ca-pub-8014229733111715";
/* main_leaderbord */
google_ad_slot = "9742371131";
google_ad_width = 728;
google_ad_height = 90;
// ]]></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">// <![CDATA[
// ]]></script>
<h2>Summary</h2>
<p>That's about it. Performing OAuth 2 requests has become extremely easy in WinRT. There's basically one line of code that is needed: the call to AuthenticateAsync in the WebAuthenticationBroker class. This means that using DotNetOpenAuth is no longer needed in WinRT (in fact: it doesn't even work in WinRT when I'm writing this).&nbsp;If you'd like to see examples in other languages (C++, JS, VB.NET) or for other platforms (Facebook, Flickr, Twitter) you can download the examples from Microsoft from this link:&nbsp;<a href="http://code.msdn.microsoft.com/windowsapps/Web-Authentication-d0485122">http://code.msdn.microsoft.com/windowsapps/Web-Authentication-d0485122</a>.</p>http://leoncullens.nl/post/2012/09/26/Using-OAuth-2-in-WinRT-using-Csharp-it-has-never-been-easier-before.aspx
admin@leoncullens.nlhttp://leoncullens.nl/post/2012/09/26/Using-OAuth-2-in-WinRT-using-Csharp-it-has-never-been-easier-before.aspx#commenthttp://leoncullens.nl/post.aspx?id=dee23973-d655-4edc-9f2c-ed379a34687aWed, 26 Sep 2012 18:24:00 +0100Windows 8Leon Cullenshttp://leoncullens.nl/pingback.axdhttp://leoncullens.nl/post.aspx?id=dee23973-d655-4edc-9f2c-ed379a34687a6http://leoncullens.nl/trackback.axd?id=dee23973-d655-4edc-9f2c-ed379a34687ahttp://leoncullens.nl/post/2012/09/26/Using-OAuth-2-in-WinRT-using-Csharp-it-has-never-been-easier-before.aspx#commenthttp://leoncullens.nl/syndication.axd?post=dee23973-d655-4edc-9f2c-ed379a34687a